tnsping (and others) take at least 5 seconds (or longer)

I ran into a situation where tnsping and other connections like ssh and such took at least 5 seconds (5000 msec) to establish:

Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = host.domain.local)(PORT = 1521))
                                     (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = ORCL)))
OK (5010 msec)

Also connecting to ‘host.domain.local’ with ssh took about 5 seconds. At first I thought it had to with sshd and some authentication options which had to timeout first, but than I discovered tnsping also waits 5 seconds. When connecting to the ip address it took 0 msec… aha… a DNS thing?!

After Googling I found it has to do with the way DNS lookups are done and how this is handled at the DNS server. After a change in glibc (2.9 and 2.10) requests are done in parallel for A (ipv4) and AAAA (ipv6) records and that change could be misunderstood by (older) DNS servers and only one reply is returned. A default timeout in the resolver is set to 5 seconds, this is where the 5 seconds wait comes from for the second request that does not return. Of course the timeout can be set lower to 1 second (‘options timeout:1’ in resolv.conf), but for me that not a good solution.

I came across this blog post (CentOS 6 fixes dns slow by add options single-request-reopen to /etc/resolv.conf), which show a fix the ‘5 second delay’ at the resolving client side by adding a different option ‘single-request’ or ‘single-request-reopen’ in resolv.conf:

options single-request
# and/or
options single-request-reopen
search domain.local

For me both single options work, not necessarily both at the same time. I’m using Oracle Linux 7.3, so it’s not only a Linux 6 thing.

It is (probably) also described at RedHat, but you need an active subscription to view the content: (RHEL: DNS resolution can take 5 seconds or longer).

Happy resolving!

Tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published.